Using a Bedrock Controller as a Secure Gateway in Legacy Systems

 
A Bedrock controller with Ethernet or serial I/O modules provides strong firewall capabilities when placed between the workstations running the SCADA platform and legacy PLCs. All data to and from a PLC is first sent to a Bedrock I/O module, which collects the data and translates it from open protocols into a secure messaging format. From there the data is passed via electromagnetic signals across a pinless backplane to the Bedrock OSA Controller. The Bedrock controller then communicates with the SCADA platform via a secure OPC UA connection.

The true strength of this solution lies not only in the security, but also in the simplicity of the system. In many instances, there is absolutely no change required to the legacy PLCs. They continue to operate as before despite the change in network architecture. Only configuration of the Bedrock OSA® controller and changes to the SCADA system are required. However, if changes to a PLC are desired, users can leverage the software-defined port control on the Bedrock gateway module to enable a direct path from the workstation to the PLC, and then disable this path when their work is complete. This allows for added flexibility and diagnostic capabilities without compromising the system’s simplicity or security.

This is also an ideal way to start a phased upgrade program for aging PLCs. Frequently the Bedrock gateway controller can be installed as an upgrade to an existing PLC and support both the gateway function and the I/O and control functions of the PLC it replaces. Where space permits and minimum disruption of operations is critical, the new controller can be installed next to the old PLC and the I/O and control functions can be cut over in small phases. Over time, the process can be repeated with the remaining legacy PLCs to complete the full system upgrade. As the new Bedrock controllers replace the legacy PLCs, they connect directly to the SCADA network. The data no longer needs to go through the Bedrock gateway controller.

Keep reading to learn more about the migration path from a legacy system to a secure Bedrock OSA® Remote platform, and about the migration path from a legacy system to a secure Bedrock OSA® platform.

 

Migration Path from a Legacy System to a Secure Bedrock OSA® Remote Platform

 
Initial Legacy System

The legacy installation shows a typical PLC/SCADA architecture.

Phase 1 – Secure Gateway

Install a Bedrock OSA Remote between the legacy PLC/SCADA and the HMI without having to disconnect I/O. The intrinsic security of the Bedrock OSA Remote now protects the legacy PLC/SCADA.

Phase 2 – Secure I/O

Migrate the I/O connections from a legacy PLC/SCADA to the Bedrock OSA Remote. The legacy PLC/SCADA can now be removed.

Phase 3 – Secure System

Continue to replace additional legacy PLC/SCADA until the entire control system is upgraded.


 

Migration Path from a Legacy System to a Secure Bedrock OSA® Platform

 
Initial Legacy System

The legacy installation shows a typical PLC/SCADA architecture.

Phase 1 – Secure Gateway

Install a Bedrock controller between the legacy PLC/SCADA and the HMI without having to disconnect I/O. The intrinsic security of the Bedrock controller now protects the legacy PLC/SCADA.

Phase 2 – Secure I/O

Migrate the I/O connections from a legacy PLC/SCADA to the Bedrock SIO. The legacy PLC/SCADA can now be removed.

Phase 3 – Secure System

Continue to replace additional legacy PLC/SCADA until the entire control system is upgraded.